2026 cleanup

2026-06-02 11:11:36 +02:00
parent 099e37e08a
commit 77e1caa3bc
10 changed files with 237 additions and 0 deletions
--- a/server/firewall.tf
+++ b/server/firewall.tf
@@ -0,0 +1,46 @@
+#resource "google_compute_firewall" "deny" {
+#  name        = "deny-all"
+#  network     = "default"
+#  direction   = "INGRESS"
+#  deny {
+#    protocol = "all"
+#  }
+#  target_tags   = ["skz-opack"]
+#  source_ranges = ["0.0.0.0/0"]
+#  priority = 1001
+#}
+
+resource "google_compute_firewall" "icmp" {
+  name        = "allow-icmp"
+  network     = "default"
+  direction   = "INGRESS"
+  allow {
+    protocol = "icmp"
+  }
+  target_tags   = ["skz-opack"]
+  source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "wireguard" {
+  name        = "allow-wireguard"
+  network     = "default"
+  direction   = "INGRESS"
+  allow {
+    protocol = "udp"
+    ports    = ["5353"]
+  }
+  target_tags   = ["skz-opack"]
+  source_ranges = ["0.0.0.0/0"]
+}
+
+resource "google_compute_firewall" "ssh" {
+  name        = "allow-ssh"
+  network     = "default"
+  direction   = "INGRESS"
+  allow {
+    protocol = "tcp"
+    ports    = ["22"]
+  }
+  target_tags   = ["skz-opack"]
+  source_ranges = ["0.0.0.0/0"]
+}